ISSUE-52: benchmarking success -- it's out there (public comment)
http://www.w3.org/2006/WSC/Group/track/issues/52
Raised by: Bill Doyle
On product: Note: use cases etc.
>From public comments
raised by: Al Gilman Alfred.S.Gilman@ieee.orghttp://lists.w3.org/Archives/Public/public-usable-
authentication/2007Apr/0000.html
benchmarking success -- it's out there
where it says, in 10 Process
There are no worked examples of
standards of usable security to emulate.
Whoa! think again
Credit care and debit card operations at groceries, along with RFID based
gasoline purchase tokens are all existence proofs of successful tradeoffs
between usability and security.
You need to note "what works" that is "what secure+usable systems are there as
close to the targeted domain of Web commerce as we can get?" and not just look
inside a narrow definition of that domain and say "there are none."
Benchmark the closest approaches between the domain of successful applications
and your desired target domain. Don't fail to do this.